All geek questions in one place

Are there commercially deployed and used .NET CAS (Code Access Security) applications?

I saw a couple of threads here on SO that ask about what CAS is and how to use it. My specific feature is specifically focused on the use of CAS in the real world.

For instance:

  • DotNetNuke has made some efforts in the past to be able to work under average trust: is that true? what is the% DNN that runs in partial trust (i.e. not full trust)? which of the DNN modules are run in partial trust?)
  • Sharepoint by default uses a partially trusted environment for dll libraries executed from the bin folder: how many "commercially available" WebParts can work in this bin folder (without changing the policy)?

The key here is being able to point out CAS success stories, so other companies feel that they should also invest in CAS-enabled applications.

+4
source share
2 answers

I found that IT admins could not understand CAS or knew that they really exist. The control panel application is painful to use and differs in versions of the operating system and .net.

Software developers, as a rule, did not understand the implementation of Microsoft CAS, and over time it was not easier for them to configure, deploy, or manage. Given that we are 8 years old at .net, this is a pretty sad reflection on Microsoft's attempts at security with .net.

+2
source

Since .NET 4 Beta 2, the political part of code access security (CAS) is deprecated. See Code Access Security is no longer used in .NET 4 Beta 2 . Still, an interesting feature of .NET is managing or enforcing internal access rights, but any feature that uses IT administrators for sep policies will create confusion.

+1
source

Source: https://habr.com/ru/post/1299899/

More articles:


All Articles